Okta Production – Release 2017.12 Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Okta Production – Release 2017.12
Published: Mar 28, 2017   -   Updated: Jun 22, 2018

Okta Production Release 2017.12 began deployment on March 27. For the latest information on our release schedule, see Current Release Status.

Check the version number at the bottom of your Okta Administrator page to see your current version. Clicking the version number takes you directly to the folder containing the release notes.

User-added image

Version numbers indicate the year and week of the year that releases are pushed to orgs. For example, release 2017.03 was pushed the third week of 2017. The week numbers follow the ISO Week Date convention. 

Special Announcements

The Okta Release Notes have a new look!

We are moving to a new, interactive release notes format. Our new design and functionality allows for clear navigation through all the elements you care about in Okta: Production and PreviewEarly Access features, Special announcements, and Mobile releases. You can see a list of all the features in a release quickly and find all available Early Access features. Try them out at https://help.okta.com/en/prod/Content/Topics/ReleaseNotes/okta-rel-notes.htm.

Note: Starting with release 2017.13, the Release Notes will complete transitioning to this new format.

Advance Notice: API Rate Limit Improvements

We are making org­-wide rate limits more granular, and treating authenticated end ­user interactions separately. More granular rate limits will further lessen the likelihood of calls to one URI impacting another. Treating authenticated end­ user interactions separately will lessen the chances of one user’s impacting another. We’re also providing a transition period so you can see what these changes will look like in your Okta system log before enforcing them:

  1. Starting in early April, 2017, we will provide system log alerts to let you know if you exceeded any of these new API rate limits.

  2. Starting in early April, 2017, we will treat authenticated end ­user interactions on a per­-user basis. Interactions like SSO after login won’t apply to your org­-wide API rate limits.

  3. Early in May, 2017, we will enforce the new, more granular rate limits. At that point, the warnings in the System Log will change to error notifications.

Of course, as each change is released, we’ll announce the change in the Platform Release Notes on http://developer.okta.com.

For a full description of the rate limit changes, see API Rate Limit Improvements.  

Browser plugin phased rollout

On February 20, 2017, Okta began a phased Generally Available (GA) release of Okta browser plugin version 5.11.x for all supported browsers. We've postponed our plan to complete the rollout on March 7, 2017. The new target is April 1, 2017. This version provides security enhancements. Okta strongly recommends that you install the plugin when prompted to do so. If you have any questions or concerns following the upgrade, contact Okta Support. For version history, see Browser Plugin Version History.

New Okta Sign-In Experience to be enabled for all remaining Production orgs

We've postponed our plan to automatically enable the New Okta Sign-In Experience by February 15, 2017 for the remaining Production orgs that have not enabled it yet. Our new target is April 1, 2017. In the meantime, we recommend that you enable the feature at your convenience to let your users become familiar with it. If you have any questions, please contact Okta Support.

What's New

Unless otherwise noted, these features are available for all organizations with release 2017.12.

  • You can automatically send your users an email if their account becomes locked due to too many failed sign-in attempts. You can insert a link in the email to let users unlock their account. For details, see Configure lockout settings. This is an Early Access (EA) feature; contact Okta Support to enable it.

    User-added image

  • We have made the following enhancements to our System Log (V2):

    • Click Expand All to expand the left side event categories. This link then toggles to Collapse All.

    • More information about an event is now displayed when the category is collapsed. The following additional details are displayed (if available):

      • Actor: user id
      • Client: ip address
      • Event: transaction id
      • Target: target resource type and target resource id

      User-added image

    • In addition to displaying the Outcome of an event, when the Outcome is failure, we now also display the reason why:

      User-added image

  • We have enhanced the landing URL for the Office 365 CRM chiclet; after the end user signs in and authenticates themselves into Dynamics 365, they are now able to see all of their CRM instances. This is an EA feature; contact Okta Support to enable it.

Platform Release Notes

Changes to the platform for this release are published in the Platform Release Notes on http://developer.okta.com.

Agent Update

We have released Okta IWA Agent version 1.10.2 for EA users. This version fixes the following issues:

  • The agent failed to launch in Windows 2016.
  • SP-initiated logins failed under certain circumstances.

To obtain this EA version, contact Okta Support. For version history, see SSO IWA Web App Version History.

Application Updates

We've implemented SWA for the following Okta Verified applications:

  • BEAMGroups (OKTA-119020)

  • Cashet (OKTA-118123)

  • Chrome River (OKTA-119192)

  • Citrix Receiver (OKTA-116900)

  • Glip (OKTA-118950)

  • KnowBe4 (OKTA-118147)

  • LoansPQ (OKTA-116896)

We've implemented SAML for the following Okta Verified applications:

  • Aurion (OKTA-109423)

  • BearTracks (OKTA-114504)

  • bob (OKTA-114648)

  • Lattice (OKTA-119365)

  • Lessonly (OKTA-114044)

  • Skyhigh Networks

  • When I Work (OKTA-117854)

We've implemented SAML for the following Community Created application:

  • SoapboxHQ (OKTA-83597)


We've added the following Mobile applications for use with Okta Mobility Management (OMM) (Android and iOS):

  • Basecamp (OKTA-118773)

  • Birst (OKTA-118938)

  • Glip (OKTA-119377)

  • Livestream (OKTA-118776)

  • Workfront (OKTA-119072)

We've added the following Mobile application for use with Okta Mobility Management (OMM) (iOS only):

  • InVisionApp (OKTA-118777)

    We've changed Signature/Digest algorithms from SHA1 to SHA256 for the following SAML apps:

    • CloudMine (OKTA-114839)

    • Snowflake (OKTA-114823)

    • Titanfile (OKTA-114834)

    Bug Fixes

    Bug numbers ending with an H are hotfixes. Hotfixes are typically deployed after the initial release.

    Product Bug Fixes

    The following issues are fixed:

    • OKTA-115172 – Read-only admins and mobile admins were able to delete users from a Profile Master.
    • OKTA-114321 – Use of the Amazon Assistant plugin triggered rate limit errors for some Internet Explorer users.
    • OKTA-118120 – Customers experienced a 500 error when attempting to Retry on the Task page.
    • OKTA-105635 – Provisioning failed for GoToMeeting new users.
    • OKTA-115172H – Read-only and Mobile admins had greater access rights for Profile Master actions than permitted by their defined roles.
    • OKTA-117336 – When Okta deprovisioned a user in Rally, the user's role reverted to the original value pushed from Okta in spite of adequate mappings.
    • OKTA-118733H – The label on a button located in the Okta footer was difficult to read because the font was too dark.
    • OKTA-120086H – Out-of-network Windows users attempting to access Okta managed apps configured to deny such access were redirected to a Windows third-party enrollment page instead of the standard Access Denied page, as expected.

    Integrations Fixes

    The following SWA apps were not working correctly and are now fixed:

    • ADP Workforce Now (Admin)

    • ADP Workforce Now (Employee)

    • Awin (OKTA-118368)

    • CallRail (OKTA-119212)

    • Creately (OKTA-119223)

    • Edward Don and Company

    • Flurry (OKTA-119224)

    • Real Capital Analytics

    • Travitor

    • Zkipster (OKTA-118207)

    The following SAML apps were not working correctly and are now fixed:

    • Attendease (OKTA-117520)

    • Rally Software (OKTA-117336)

    • Workfront (OKTA-110025)